Amendments to the claims: 

1. (previously presented) A method of enforcing security policies in a data access system, 
said method comprising: 

defining a first action as a condition; 

determining that a second action should not take place if said condition occurs; and 
upon occurrence of said condition, placing a rule into data access management software in 
said data access system, said rule precluding said second action. 

2. (original) The method of claim 1 wherein said condition is effectuation of a first transaction by 
a user and said second action is the effectuation of a related transaction by the same user. 

3. (original) The method of claim 1 wherein said condition is effectuation of a first 
transaction by a first user in a particular role, and said second action is the effectuation of a second 
transaction by a second user in a second role, the roles being either the same or different. 

4. (original) The method of claim 3 wherein the role of the first user and that of the second 
user are different. 

5. (previously presented) The method of claim 2, further comprising eliminating said rule 
from said data access management software upon rescinding of said condition. 

6. (original) The method of claim 2 wherein a user attempting to effectuate said related 
transaction is informed of said condition and advised automatically that said second action is 
prohibited pending the relinquishment of the condition. 

7. (original) The method of claim 2 wherein said first action is the ordering of goods or 
services and said second action is the payment for such goods or services. 

8. (currently amended) Apparatus for enforcing security policies to increase security of data 
access management software, said apparatus comprising: 

a file of rules, said rules only being applicable to prevent specified data transactions by a 
first user upon the effectuation of [[specified transactions to modify the data]] a specified action by 
said first user; 

software for recognizing that said first user has effected said specified action [[transaction]], 

and 

means for reading said file, locating said rules to prevent said specified data transactions, 
and, upon occurrence of [[a]] said specified action of said first user, integrating said rules into said 
data access management software such that said specified [[database]] data transactions are 
prohibited. 

9. (original) Apparatus of claim 8 further comprising means for eliminating the rule 
from the data access management software at the conclusion of a predetermined time or upon a 
predetermined condition. 

10. (previously presented) A method of enforcing confidentiality in the form of a wall 
comprising the steps of: 

storing at least one rule that prohibits a known party from accessing specified information in 
a database or file if a first specified condition occurs; 

upon a first specified condition occurring, modifying data access management software to 
include a rule that prohibits a known party from accessing specified information in a database or 
file; 

said first specified condition being indicative of said known party having knowledge of a 
particular set of information; and 

upon a second specified condition occurring, removing said rule from the data access 
management software and storing said rule for future use, said specified second condition 
indicating that said knowledge is no longer sensitive. 

11. (original) The method of claim 10 wherein said rule is generated from a template rule. 

12. (original) The method of claim 11 wherein said known party is defined as any individual 
engaged in a predetermined role. 

13. (previously presented) The method of claim 10 wherein said known party is notified of the 
occurrence of said second condition. 

14. (original) The method of claim 13 wherein said notification is via email. 

15. (original) The method of claim 10 wherein said knowledge is no longer sensitive because 
it has been made public or because a predetermined time has passed. 

16. (original) The method of claim 1 wherein said rule is generated from a template rule. 

17. (previously presented) The method of claim 10 wherein some other individual, not the 
known party, is notified of the occurrence of said second condition. 

18. (previously presented) The method of claim 17 wherein said notification is via e-mail. 

19. (previously presented) The method of claim 11 wherein some other individual, not the 
known party, is notified of the occurrence of said second condition. 

20. (previously presented) The method of claim 19 wherein said notification is via e-mail. 

21. (cancelled) 

22. (previously presented) The method of claim 11 wherein another individual, not the known 
party, is notified when the known party attempts the prohibited second action more than once. 

23. (previously presented) The method of claim 10 wherein another individual, not the known 
party, is notified when the known party attempts to access said specified information in the 
database more than once. 
24. (previously presented) The method of claim 23 wherein the notification is via e-mail. 

25. (original) The method of claim 22 wherein the notification is via e-mail. 

26. (previously presented) The method of claim 23 wherein said another individual is the user's 
manager or supervisor. 

27. (previously presented) The method of claim 23 wherein said another individual is 
responsible for data security. 

28. (previously presented) The method of claim 22 wherein said another individual is the user's 
manager or supervisor. 

29. (previously presented) The method of claim 22 wherein said another individual is 
responsible for data security. 

30. (previously presented) The apparatus of claim 9 wherein the eliminated rule is saved in an 
audit log. 

31. (previously presented) The method of claim 10 wherein the removed rule is saved in an 
audit log. 

32. (previously presented) The method of claim 1 wherein the rule is not loaded until a 
specified user logs on to the system. 

33. (previously presented) The method of claim 1 wherein the rule is only tested for a specified 
user. 

34. (previously presented) The method of claim 10 wherein the rule is not loaded until a 
specified user logs on to the system. 

35. (previously presented) The method of claim 10 wherein the rule is only tested for a 
specified user. 

36. (previously presented) The method of claim 3 wherein the rule is not loaded until a user in 
a specified role logs on to the system. 

37. (previously presented) The method of claim 3 wherein the rule is only tested for a user in 
a specified role. 

38. (previously presented) The method of claim 12 wherein the rule is not loaded until a user 
in a specified role logs on to the system. 

39. (previously presented) The method of claim 12 wherein the rule is only tested for a user in 
a specified role. 

40. (original) The method of claim 1 wherein the security policy is separation of duties. 

41. (original) The method of claim 1 wherein the security policy is compliance to regulation. 

42. (original) The method of claim 1 wherein the security policy is privacy of data. 

43. (previously presented) The method of claim 23 wherein said another individual is a 
computer process. 

44. (previously presented) The method of claim 22 wherein said another individual is a 
computer process. 

45. (previously presented) The method of claim 1 wherein said rule is generated upon occurrence 
of said condition. 

46. (previously presented) The apparatus of claim 8 further comprising means for generating said 
rules upon occurrence of said specified action of said first user. 

47. (previously presented) The method of claim 10 wherein said rule is generated upon 
occurrence of said first specified condition. 
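The claims above describe one mechanism from several angles: a first action is defined as a condition (claims 1, 8); when it occurs a rule is generated from a template (claims 11, 16, 45) and placed into the data access management layer so that a related second action is precluded, either for the same user (claims 2, 7) or for a role (claims 3, 36); the rule is loaded only when the affected user logs on and tested only for that user (claims 32, 33); the attempting user is informed (claim 6) and a manager or security contact is notified on repeated attempts (claims 22, 23, 26, 27); and the rule is removed when the condition is rescinded or the knowledge is no longer sensitive, stored for future use and written to an audit log (claims 5, 10, 30, 31). The following is an added illustration of that mechanism written for this page; it is not code from the patent or from any product it covers. The class and method names (PolicyEngine, RuleTemplate, record_action, check, rescind), the sample actions "order_goods" and "pay_invoice", the user names and the security contact address are all assumptions made for the example.

```python
"""Dynamic separation-of-duties rule engine (added example, not from the patent).

A first action is the condition; when it occurs a rule is generated from a
template and placed into the access-control layer so the related second action
is refused; the rule is lifted on rescission, kept for reuse and audit-logged.
All identifiers below are assumptions for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass(frozen=True)
class RuleTemplate:
    """Condition (trigger) and the action it precludes (claims 1, 11, 16)."""
    trigger: str                          # first action, e.g. "order_goods"
    blocked: str                          # second action, e.g. "pay_invoice"
    same_user: bool = True                # True: same user (claim 2); False: by role (claim 3)
    trigger_role: Optional[str] = None    # role whose action arms the rule (claim 3)
    blocked_role: Optional[str] = None    # role that is then blocked (claims 3, 4)


@dataclass
class Rule:
    template: RuleTemplate
    subject: str   # user (same_user) or role (role-based) the rule is tested for
    ref: str       # identifier of the transaction that established the condition


@dataclass
class PolicyEngine:
    templates: list
    notify: Callable[[str, str], None]    # (recipient, message): e-mail or a process (claims 24, 43)
    security_contact: str = "security@example.invalid"   # assumed recipient (claim 27)
    pending: dict = field(default_factory=dict)   # subject -> rules not yet loaded (claim 32)
    active: dict = field(default_factory=dict)    # subject -> rules loaded into the access layer
    logged_on: set = field(default_factory=set)   # users and roles currently logged on
    stored: list = field(default_factory=list)    # removed rules kept for future use (claim 10)
    audit_log: list = field(default_factory=list) # (event, subject, action, ref) tuples
    attempts: dict = field(default_factory=dict)  # (user, blocked action, ref) -> count

    def record_action(self, user, role, action, ref):
        """Called by the recognizing software when a user effects an action (claim 8)."""
        for t in self.templates:
            if t.trigger != action or (t.trigger_role and t.trigger_role != role):
                continue
            subject = user if t.same_user else t.blocked_role
            rule = Rule(t, subject, ref)  # rule generated upon occurrence (claim 45)
            bucket = self.active if subject in self.logged_on else self.pending
            bucket.setdefault(subject, []).append(rule)
            self.audit_log.append(("armed", subject, t.blocked, ref))

    def logon(self, user, role):
        """Load rules deferred until this user, or a user in this role, logs on (claims 32, 36)."""
        self.logged_on.update((user, role))
        for subject in (user, role):
            for rule in self.pending.pop(subject, []):
                self.active.setdefault(subject, []).append(rule)

    def check(self, user, role, action, ref, manager=None):
        """Access decision, tested only against rules for this user or role (claims 33, 37)."""
        for subject in (user, role):
            for rule in self.active.get(subject, []):
                if rule.template.blocked == action and rule.ref == ref:
                    key = (user, action, ref)
                    self.attempts[key] = self.attempts.get(key, 0) + 1
                    who_armed = "you" if rule.template.same_user else rule.template.trigger_role
                    msg = (f"{action} on {ref} is prohibited for {user}: "
                           f"{rule.template.trigger} on {ref} was effected by {who_armed}")
                    self.notify(user, msg)                         # inform the user (claim 6)
                    if self.attempts[key] > 1:                     # repeated attempt (claims 22, 23)
                        for recipient in filter(None, (manager, self.security_contact)):
                            self.notify(recipient, f"repeated attempt ({self.attempts[key]}): {msg}")
                    self.audit_log.append(("denied", user, action, ref))
                    return False
        return True

    def rescind(self, ref):
        """Condition rescinded or no longer sensitive: lift, store and log the rule (claims 5, 10, 31)."""
        for table in (self.active, self.pending):
            for subject, rules in list(table.items()):
                table[subject] = [r for r in rules if r.ref != ref]
                for r in (r for r in rules if r.ref == ref):
                    self.stored.append(r)
                    self.audit_log.append(("removed", subject, r.template.blocked, ref))
                    if r.template.same_user:                       # notify the known party (claim 13)
                        self.notify(subject, f"restriction on {r.template.blocked} for {ref} lifted")


def demo():
    """Constructed scenario: ordering goods precludes paying for them (claim 7)."""
    sent = []
    eng = PolicyEngine(templates=[RuleTemplate("order_goods", "pay_invoice")],
                       notify=lambda to, msg: sent.append((to, msg)))
    eng.logon("alice", "buyer")
    eng.record_action("alice", "buyer", "order_goods", ref="PO-1")
    first = eng.check("alice", "buyer", "pay_invoice", "PO-1", manager="bob")
    second = eng.check("alice", "buyer", "pay_invoice", "PO-1", manager="bob")
    other = eng.check("carol", "payer", "pay_invoice", "PO-1")
    eng.rescind("PO-1")
    after = eng.check("alice", "buyer", "pay_invoice", "PO-1")
    return first, second, other, after, sent, eng.audit_log
```

In the constructed scenario, alice's order of PO-1 arms a rule that refuses her payment of that same order; the first refusal informs only her, the second also notifies her manager and the security contact, a different user is unaffected, and after the condition is rescinded the payment is permitted again while the removed rule survives in `stored` and `audit_log`. A role-based template (`same_user=False` with `trigger_role` and `blocked_role`) keys the rule by role instead of user, so it is activated when any user in that role logs on.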
